pentesting
We attack you before others do!
High-quality pentests for higher ‘security standards’ and maximum added value.
Digital security is an imperative in an era where cyber-attacks are a constant threat to organisations of all sizes and sectors. With the ever-changing threat landscape, protecting your IT infrastructure is essential. We offer a proactive approach to alert you to new threats and help you implement effective security strategies to protect your data, intellectual property and reputation.
Types of Pentesting
1
Internal pentest
In an internal penetration test, we evaluate the current security state of your internal IT infrastructure by trying to work our way from basic access to comprehensive authorisations (e.g. domain administrator).
The main objective is to identify a wide range of vulnerabilities.
2
External pentest
In an external penetration test, we analyse the systems, networks and applications accessible via the Internet with regard to their vulnerabilities. Our aim is to comprehensively compromise these systems and gain access to the internal network.
We aim to recognise security risks and identify potential gateways for attackers.
3
Cloud Pentest (coming soon - join the waitlist) → Azure Cloud
More and more companies are turning to cloud technologies to reduce time, resources and costs. However, these technologies have reached a high level of complexity and without extensive expertise it is difficult to ensure their security.
In our upcoming cloud penetration test, we will focus specifically on the Microsoft Azure Cloud. We will check whether it is possible to penetrate the cloud environment to gain highly privileged access rights or to penetrate the local network (on-premise).
How does your pentest work?
Initial Meeting
In the initial meeting, we assess the common objectives. This includes determining the type of pentest and the scope to be investigated. We also define which people are involved in the project.
After the initial meeting, we will provide you with a customised offer.
Kickoff
After receiving your approval of the offer, we will send you a so-called ‘Permission to Attack’ (PTA). This document serves as your official authorisation to carry out the penetration test on your infrastructure.
It specifies exactly which area is to be analysed and which systems are to be excluded from the test. The time frame for the penetration test is also defined.
Pentest
Before the penetration test starts, you provide us with all the necessary information and access data for the infrastructure included in the defined scope. Our penetration test process is divided into the following six phases:
Gathering information
Execution of scans
Exploitation of vulnerabilities
Elevation of authorisations
Lateral movement
Preparation of the report
During the penetration test, we maintain continuous contact with your designated contact person in order to quickly clarify any questions or problems.
Reporting
Once our assessment is complete, we will prepare a detailed penetration test report that includes all identified vulnerabilities and detailed remediation strategies. In the final meeting, we discuss the most critical findings and recommended remediation steps with you and clarify any remaining questions. Even after the project has been completed, we will be happy to answer any further questions or provide advice.